Botnets: who's behind them and why?

By posing as a rogue programmer, Cisco researchers gained a unique insight into the world of botnets and their owners

Poor education, a criminal record and a dislike of authority can all turn programmers bad. That's the finding of Cisco researchers who posed as botmasters to enter the world of online crime.

"I wanna do what I wanna do, whenever I want," one botmaster told the researchers. By posing online as a rogue programmer, the researchers got him to reveal how he spams thousands of instant messenger users with enticements to install infected utilities.

For every 10,000 messages sent, "at least one per cent" will respond and become part of his botnet. The team, from Cisco's Security Intelligence Operations unit, found that for botmasters, criminality is just a by-product of running a small business.

The botmaster said he sold a 10,000-machine botnet for $800, but also claimed that selling off infected machines is relatively rare. He said that a friend made between $5,000 and $10,000 per week solely through renting out his botnet to phishing gangs.

Dumbing down

Today, those without the necessary computer skills can easily gain access to advanced tools for creating profitable, robust and secure botnets.

Over the course of their online conversations, Cisco's researchers learned of online marketplaces where the budding cybercriminal can buy everything he needs to set up a botnet.

"The bot software is advertised much like any other software," claims Cisco. "Anyone with basic computer experience is able to run one. It's not necessary to understand the code, nor is there a need to understand networking."

Following the money

Alex Constantinides is a director of UK-based online security consultancy MetaSec. "It just goes to show how these things have evolved," he told us. "Originally, simply knocking servers off the net was the thing – for fun. Then botnets became a blackmailing tool. Now they're predominantly used for financial gain."

Janet Williams is a Deputy Assistant Commissioner with the Metropolitan Police Service, and she heads up the Police Central e-crime Unit (PCeU). Williams has just launched the ACPO e-crime Strategy, designed to help police forces pool their resources in response to e-crime.

"This strategy is designed to assist law enforcement in building a response to this challenge," says Williams. "We trust that by doing so we'll enhance both industry and public confidence."

Potential botmasters tend to fit a profile, so identifying them shouldn't be difficult, as F-Secure's Mikko Hypponen points out:

"It's often the people with the skills but without the opportunities," he says. "Many of these online criminals are coming from developing countries. If you know how to code and are living in London – great! You'll get a job easy," says Hypponen. "If you know how to code and are living in Siberia – not so great."

ALL ABOUT THE MONEY: Mikko Hypponen says many will still "choose the dark side", even with the opportunity to go straight

"The only real way to find the perpetrators, like traditional bank robberies, is to follow the money," Roger Thompson, Chief Research Officer at AVG Technologies, told us. "However, even this becomes difficult as it involves multiple countries and there are many different layers and players."

The strongest psychological factor for many botmasters may simply be the excitement of breaking the law, as Hypponen concludes: "Some people would have the opportunities but still choose the dark side…" he says.